Discussion:
Authentication: Adding path to sling.auth.requirements via OSGi Service
Thorsten Rössner
2010-01-21 10:29:31 UTC
Hello,

actually I am facing the authentication of an application.
I want to use the handleSecurity()-Method of the class SlingAuthenticator.
This works fine.

I have different paths. Some should be accessed by anonymous, others
not. So I thought I use the sling.auth.requirements property to do this.
It works fine, if I add the paths in the configuration in the web
management console.
But it is not so comfortable, because the user has to interact. So I
read about the possibility to add these paths with an OSGi service.

I created a service, that implements the AuthenticationHandler and
contains the property
@scr.property nameRef="AuthenticationHandler.PATH_PROPERTY" value="/bla"
The bind()-Method in the ServiceTracker of SlingAuthenticator is called
and the path is inserted into authHandlerCache.

When I try to login as anonymous to /bla the path from my service gets
not checked in the method isAnonAllowed(), that tests the paths
anonymous can access, because it is not in the variable authRequiredCache.

How can I add a path to the SlingAuthenticator via OSGi service, that it
is checked in the anonymous login process?
Could it be a missing insert to the authRequiredCache?

Thanks for your help.

Thorsten
Felix Meschberger
2010-01-21 10:35:27 UTC
Hi,
Post by Thorsten Rössner
> actually I am facing the authentication of an application.
> I want to use the handleSecurity()-Method of the class SlingAuthenticator.
> This works fine.

Great. And great to hear, this is of use to you!

Post by Thorsten Rössner
> I have different paths. Some should be accessed by anonymous, others
> not. So I thought I use the sling.auth.requirements property to do this.
> It works fine, if I add the paths in the configuration in the web
> management console.
> But it is not so comfortable, because the user has to interact. So I
> read about the possibility to add these paths with an OSGi service.
> I created a service, that implements the AuthenticationHandler and
> contains the property
> @scr.property nameRef="AuthenticationHandler.PATH_PROPERTY" value="/bla"
> The bind()-Method in the ServiceTracker of SlingAuthenticator is called
> and the path is inserted into authHandlerCache.
> When I try to login as anonymous to /bla the path from my service gets
> not checked in the method isAnonAllowed(), that tests the paths
> anonymous can access, because it is not in the variable authRequiredCache.
> How can I add a path to the SlingAuthenticator via OSGi service, that it
> is checked in the anonymous login process?
> Could it be a missing insert to the authRequiredCache?

There are two properties:

* The "path" property (AuthenticationHandler.PATH_PROPERTY) defines the
area where the authentication handler is responsible and where it is
called in the case of extractCredentials, requestCredentials, and
dropCredentials.

* The "sling.auth.requirements" property defines a list of paths for
which it should be defined, whether authentication would be required
or not.

Both properties are handled completely separately by the Sling Authenticator.

Thus to register an AuthenticationHandler responsible for an area of the
URL space *and* also forcing authentication for that area, you have to
set both properties in the handler.

In fact the Sling Authenticator listens for *all* services registered
with a "sling.auth.requirements" registration property and sets its
authentication requirements accordingly. So, a LoginServlet could for
example register its own path to prevent authentication when calling
that servlet.

Hope this helps.

Regards
Felix

Post by Thorsten Rössner
> Thanks for your help.
> Thorsten
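
The separation described in the reply above, as an added example that is not part of the original thread and not Sling's own code: a simplified plain-Java model in which the "path" property fills only authHandlerCache and "sling.auth.requirements" fills only authRequiredCache. The class name, the `handlerFor` helper, the longest-prefix matching and the configurable anonymous default are assumptions made for illustration; the `+`/`-` prefix follows Sling's documented syntax for `sling.auth.requirements`.

```java
import java.util.Map;
import java.util.TreeMap;

/** Simplified model of the two independent registries; not Sling source code. */
public class AuthRegistryModel {
    // Filled only from the "path" property: request path -> responsible handler.
    private final Map<String, String> authHandlerCache = new TreeMap<>();
    // Filled only from "sling.auth.requirements": path -> authentication required?
    private final Map<String, Boolean> authRequiredCache = new TreeMap<>();
    private final boolean anonymousByDefault; // assumption: global default is configurable

    public AuthRegistryModel(boolean anonymousByDefault) { this.anonymousByDefault = anonymousByDefault; }

    /** Service registration; the path may be null and the requirements list may be empty. */
    public void bind(String service, String path, String... requirements) {
        if (path != null) authHandlerCache.put(path, service);
        for (String r : requirements) {
            boolean prefixed = r.startsWith("+") || r.startsWith("-");
            authRequiredCache.put(prefixed ? r.substring(1) : r, !r.startsWith("-"));
        }
    }

    /** Longest registered path that equals or is a parent of the request path wins. */
    private static <V> V lookup(Map<String, V> cache, String requestPath, V fallback) {
        V best = fallback;
        int bestLen = -1;
        for (Map.Entry<String, V> e : cache.entrySet()) {
            String p = e.getKey();
            boolean match = requestPath.equals(p) || requestPath.startsWith(p.endsWith("/") ? p : p + "/");
            if (match && p.length() > bestLen) { best = e.getValue(); bestLen = p.length(); }
        }
        return best;
    }

    public String handlerFor(String requestPath) { return lookup(authHandlerCache, requestPath, null); }

    public boolean isAnonAllowed(String requestPath) {
        return !lookup(authRequiredCache, requestPath, !anonymousByDefault);
    }

    public static void main(String[] args) {
        AuthRegistryModel m = new AuthRegistryModel(true);
        m.bind("MyHandler", "/bla");                 // "path" only, as in the question
        System.out.println(m.handlerFor("/bla/page") + " anonAllowed=" + m.isAnonAllowed("/bla/page"));
        m.bind("MyHandler", "/bla", "+/bla");        // both properties set on the handler
        System.out.println("anonAllowed(/bla/page)=" + m.isAnonAllowed("/bla/page"));
        m.bind("LoginServlet", null, "-/bla/login"); // requirement only, no handler path
        System.out.println("anonAllowed(/bla/login)=" + m.isAnonAllowed("/bla/login"));
    }
}
```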